
Intrusion detection consists of procedures and systems that identify system
intrusions and take action when an intrusion is detected.

3.

Once the OS is known, all of the vulnerabilities to which a system is
susceptible can easily be determined.

4.

A false positive is the failure of an IDPS system to react to an actual attack
event.

5.

To use a packet sniffer legally, an administrator only needs permission of the
organization's top computing executive.

6.

A strategy based on the concept of defense in depth is likely to include
intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated
log analyzers, and protocol analyzers.

7.

Passive scanners are advantageous in that they require vulnerability analysts to
get approval prior to testing.

8.

IDPS responses can be classified as active or passive.

9.

An IDPS can be configured to dial a phone number and produce an alphanumeric
page or other type of signal or message.

10.

The process by which attackers change the format and/or timing of their
activities to avoid being detected by the IDPS is known as a false attack stimulus.

A fully distributed IDPS control strategy is an IDPS implementation approach in
which all control functions are applied at the physical location of each IDPS component.

13.

Your organization’s operational goals, constraints, and culture should not
affect the selection of the IDPS and other security tools and technologies to protect your
systems.

14.

All IDPS vendors target users with the same levels of technical and security
expertise.

15.

To assist in the footprint intelligence collection process, attackers may use an
enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of
information, such as server names and e-mail addresses.

16.

Services using the TCP/IP protocol can run only on their commonly used port
number as specified in their original Internet standard.

17.

HIDPSs are also known as system integrity verifiers.

18.

A passive IDPS response is a definitive action automatically initiated when
certain types of alerts are triggered.

19.

An HIDPS can detect local events on host systems and also detect attacks that
may elude a network-based IDPS.

20.

A HIDPS is optimized to detect multihost scanning, and it is able to detect the
scanning of non-host network devices, such as routers or switches.

21.

Administrators who are wary of using the same tools that attackers use should
remember that most organizations prohibit use of open source or freeware software tools.

22.

Intrusion detection and prevention systems perform monitoring and analysis of
system events and user behaviors.

23.

A HIDPS can monitor systems logs for predefined events.

24.

The anomaly-based IDPS collects statistical summaries by observing traffic that
is known to be normal.

Secure Electronic Transactions was developed by MasterCard and VISA in 1997 to
protect against electronic payment fraud.

28.

A cryptovariable is a value representing the application of a hash algorithm on
a message.

29.

The asymmetric encryption systems use a single key to both encrypt and decrypt a
message.

30.

Nonrepudiation means that customers or partners can be held accountable for
transactions, such as online purchases, which they cannot later deny.

31.

Bluetooth is a de facto industry standard for short-range wireless
communications between devices.

32.

A brute force function is a mathematical algorithm that generates a message
summary or digest (sometimes called a fingerprint) to confirm message identity and
integrity.

33.

The permutation cipher simply rearranges the values within a block to create the
ciphertext.

34.

You cannot combine the XOR operation with a block cipher operation.

35.

The encapsulating security payload protocol provides secrecy for the contents of
network communications as well as system-to-system authentication and data integrity
verification.

36.

In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic
cipher machine that used a non-repeating random key.

37.

PKI systems are based on public key cryptosystems and include digital
certificates and certificate authorities.

38.

In addition to being credited with inventing a substitution cipher, Julius
Caesar was associated with an early version of the transposition cipher.

39.

Sequence encryption is a series of encryptions and decryptions between a number
of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it
using different keys and sends it to the next neighbor, and this process continues until the message
reaches the final destination.

40.

When an asymmetric cryptographic process uses the sender’s private key to
encrypt a message, the sender’s public key must be used to decrypt the message.

41.

3DES was created to offer the same strength as the DES algorithm but ran three
times as fast, thus saving time.

42.

The most common hybrid system is based on the Diffie-Hellman key exchange, which
is a method for exchanging private keys using public key encryption.

43.

The AES algorithm was the first public key encryption algorithm to use a 256 bit
key length.

44.

Steganography is a data hiding method that involves embedding information within
other files, such as digital pictures or other images.

45.

One encryption method made popular by spy movies involves using the text in a
book as the key to decrypt a message.

46.

SSL builds on the encoding format of the Multipurpose Internet Mail Extensions
protocol and uses digital signatures based on public key cryptosystems to secure e-mail.

47.

Usually, as the length of a cryptovariable increases, the number of random
guesses that have to be made in order to break the code is reduced.

48.

Common implementations of a Registration Authority (RA) include functions
to issue digital certificates to users and servers.

49.

Hashing functions require the use of keys.

50.

Internet Protocol Security (IPSec) is an open-source protocol framework for
security development within the TCP/IP family of protocols.

Multiple Choice

Identify the choice that best completes the statement or answers the question.

51.

Activities that scan network locales for active systems and then identify
the network services offered by the host systems are known as __________.

a. port knocking
b. doorknob rattling
c. footprinting
d. fingerprinting

52.

Using __________, the system reviews the log files generated by servers, network
devices, and even other IDPSs.

a. LFM
b. stat IDPS
c. AppIDPS
d. HIDPS

53.

Which of the following is NOT a described IDPS control strategy?

a. centralized
b. fully distributed
c. partially distributed
d. decentralized

54.

Which of the following ports is commonly used for the HTTP protocol?

a. 20
b. 25
c. 53
d. 80

55.

A(n) __________ is a software program or hardware appliance that can intercept,
copy, and interpret network traffic.

a. packet scanner
b. packet sniffer
c. honey pot
d. honey packet

56.

A(n) __________ is an event that triggers an alarm when no actual attack is in
progress.

a. false neutral
b. false attack stimulus
c. false negative
d. noise

57.

To use a packet sniffer legally, the administrator must __________.

a. be on a network that the organization owns
b. be under direct authorization of the network’s owners
c. have knowledge and consent of the content’s creators
d. all of the above

58.

__________ is the process of classifying IDPS alerts so that they can be more
effectively managed.

a. Alarm filtering
b. Alarm clustering
c. Alarm compaction
d. Alarm attenuation

59.

__________ applications use a combination of techniques to detect an intrusion
and then trace it back to its source.

a. Honeynet
b. Trap and trace
c. HIDPS
d. Packet Sniffer

60.

Network Behavior Analysis system __________ sensors are typically intended for
network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often
between the firewall and the Internet border router to limit incoming attacks that could overwhelm
the firewall.

a. inline
b. offline
c. passive
d. bypass

61.

To determine whether an attack has occurred or is underway, NIDPSs compare
measured activity to known __________ in their knowledge base.

__________ are decoy systems designed to lure potential attackers away
from critical systems.

a. Honeypots
b. Bastion Hosts
c. Wasp Nests
d. Designated Targets

64.

Intrusion __________ activities finalize the restoration of operations to a
normal state and seek to identify the source and method of the intrusion in order to ensure that the
same type of attack cannot occur again.

a. prevention
b. reaction
c. detection
d. correction

65.

Most network behavior analysis system sensors can be deployed in __________ mode
only, using the same connection methods as network-based IDPSs.

a. passive
b. active
c. reactive
d. dynamic

66.

In TCP/IP networking, port __________ is not used.

a. 0
b. 1
c. 13
d. 1023

67.

__________ testing is a straightforward testing technique that looks for
vulnerabilities in a program or protocol by feeding random input to the program or a network running
the protocol.

a. Buzz
b. Fuzz
c. Spike
d. Black

68.

__________ is the action of luring an individual into committing a crime to get
a conviction.

a. Entrapment
b. Enticement
c. Intrusion
d. Padding

69.

A __________ vulnerability scanner listens in on the network and identifies
vulnerable versions of both server and client software.

a. passive
b. aggressive
c. active
d. secret

70.

A __________ port, also known as a monitoring port, is a specially configured
connection on a network device that is capable of viewing all of the traffic that moves through the
entire device.

a. NIDPS
b. SPAN
c. DPS
d. IDSE

71.

__________ are usually passive devices and can be deployed into existing
networks with little or no disruption to normal network operations.

a. NIDPSs
b. HIDPSs
c. AppIDPSs
d. SIDPSs

72.

The ability to detect a target computer’s __________ is very valuable to
an attacker.

a. manufacturer
b. operating system
c. peripherals
d. BIOS

73.

__________ benchmark and monitor the status of key system files and detect when
an intruder creates, modifies, or deletes monitored files.

a. NIDPSs
b. HIDPSs
c. AppIDPSs
d. SIDPSs

74.

Some vulnerability scanners feature a class of attacks called _________, that
are so dangerous they should only be used in a lab environment.

a. aggressive
b. divisive
c. destructive
d. disruptive

75.

A(n) __________ works like a burglar alarm in that it detects a violation (some
system activities analogous to an opened or broken window) and activates an alarm.

a. IDPS
b. WiFi
c. UDP
d. DoS

76.

__________ are encrypted messages that can be mathematically proven to be
authentic.

a. Digital signatures
b. MAC
c. Message certificates
d. Message digests

77.

__________ is the information used in conjunction with an algorithm to create
the ciphertext from the plaintext or derive the plaintext from the ciphertext.

a. Password
b. Cipher
c. Key
d. Passphrase

78.

__________ is the entire range of values that can possibly be used to construct
an individual key.

a. Code
b. Keyspace
c. Algorithm
d. Cryptogram

79.

__________ is an integrated system of software, encryption methodologies,
protocols, legal agreements, and third-party services that enables users to communicate
securely.

a. MAC
b. PKI
c. DES
d. AES

80.

More advanced substitution ciphers use two or more alphabets, and are referred
to as __________ substitutions.

a. multialphabetic
b. monoalphabetic
c. polyalphabetic
d. polynomic

81.

__________ is the current federal information processing standard that specifies
a cryptographic algorithm used within the U.S. government to protect information in federal agencies
that are not a part of the national defense infrastructure.

a. DES
b. 2DES
c. AES
d. 3DES

82.

The __________ protocol provides system-to-system authentication and data
integrity verification, but does not provide secrecy for the content of a network
communication.

a. ESP
b. AH
c. HA
d. SEP

83.

The __________ is responsible for the fragmentation, compression, encryption,
and attachment of an SSL header to the cleartext prior to transmission.

a. Standard HTTP
b. SFTP
c. S-HTTP
d. SSL Record Protocol

84.

__________ is a protocol that can be used to secure communications across any
IP-based network such as LANs, WANs, and the Internet.

a. PEM
b. SSH
c. IPSec
d. SET

85.

_________ is a hybrid cryptosystem that combines some of the best available
cryptographic algorithms and has become the open-source de facto standard for encryption and
authentication of e-mail and file storage applications.

a. PGP
b. DES
c. AH
d. ESP

86.

SHA-1 produces a(n) ___________-bit message digest, which can then be used as an
input to a digital signature algorithm.

a. 48
b. 56
c. 160
d. 256

87.

Using a database of precomputed hashes from sequentially calculated passwords
called a(n) __________, an attacker can simply look up a hashed password and read out the text
version.

a. timing matrix
b. agile scrum
c. rainbow table
d. smurf list

88.

Key__________ functions are mathematical algorithms that generate a message
summary or digest to confirm the identity of a specific message and to confirm that there have not
been any changes to the content.

a. Hash
b. Map
c. Key
d. Encryption

89.

__________ is the amount of effort (usually in hours) required to perform
cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.

a. Code
b. Algorithm
c. Key
d. Work factor

90.

Digital signatures should be created using processes and products that are based
on the __________.

a. DSS
b. NIST
c. SSL
d. HTTPS

91.

At the World Championships in Athletics in Helsinki in August of 2005, a virus
called Cabir infected dozens of __________, the first time this occurred in a public setting.

a. iPad tablets
b. Bluetooth mobile phones
c. WiFi routers
d. laptop Macintosh computers

92.

Bit stream methods commonly use algorithm functions like the exclusive OR
operation (__________).

a. XOR
b. EOR
c. NOR
d. OR

93.

__________ was developed by Phil Zimmermann and uses the IDEA Cipher for message
encoding.

a. PEM
b. PGP
c. S/MIME
d. SSL

94.

An X.509 v3 certificate binds a ___________, which uniquely identifies a
certificate entity, to a user’s public key.

a. message digest
b. fingerprint
c. distinguished name
d. digital signature

95.

The CA periodically distributes a(n) _________ to all users that identifies all
revoked certificates.

a. CRL
b. RA
c. MAC
d. RDL

96.

A __________ is a key-dependent, one-way hash function that allows only specific
recipients (symmetric key holders) to access the message digest.

a. signature
b. MAC
c. fingerprint
d. digest

97.

__________ is the process of converting an original message into a form that is
unreadable to unauthorized individuals.

a. Encryption
b. Decryption
c. Cryptology
d. Cryptography

98.

A method of encryption that requires the same secret key to encipher and
decipher the message is known as __________ encryption.

a. asymmetric
b. symmetric
c. public
d. private

99.

The __________ algorithm, developed in 1977, was the first public key encryption
algorithm published for commercial use.